
Top Security Issues With IP-PBX Systems

Modern IP-PBX Systems and Security Considerations

The use of Voice over IP technology has grown rapidly in recent years, and like any other popular internet-based technology, IP-PBX systems expose users to a number of security risks. Indeed, IP telephony protocols are vulnerable to a wide range of low-level attacks, including session hijacking, identity theft and network traffic sniffing, which allow hackers to decipher and listen to private voice conversations. Businesses currently in the market for an IP-PBX system should make sure that the software they choose has safeguards in place to protect against some of the more common VoIP attacks, outlined below.

VOIP Fraud

VOIP fraud is accomplished by identifying a security loophole in a VOIP system and determining which routes are associated with which accounts. Hackers employ tools (which vary in sophistication) and user-ID generators to send calls to a company phone system. Calls that are successfully routed are then stored alongside the generated ID for future disturbance. Some software providers have designed SIP stack and call controller modules aimed at discovering and acting upon attacks of this nature. Dial-Office IP-PBX, for example, will immediately connect intercepted hack calls to a fake route (dead air) while simultaneously recording the source’s IP address. All subsequent calls from that IP address are then automatically dispatched to a fake route.
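The quarantine behaviour described above can be sketched as follows. This is an added example, not Dial-Office's code: the threshold, the route labels, the extension numbers and the sample attempts are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: valid extensions and a probe threshold (assumptions).
VALID_EXTENSIONS = {"1001", "1002", "1003"}
MAX_UNKNOWN_IDS = 3  # distinct unknown user IDs tolerated per source IP
DEAD_AIR = "dead-air"


class CallScreen:
    """Routes call attempts and quarantines sources that enumerate user IDs."""

    def __init__(self, valid_extensions, max_unknown_ids=MAX_UNKNOWN_IDS):
        self.valid = set(valid_extensions)
        self.max_unknown = max_unknown_ids
        self.unknown_by_ip = defaultdict(set)  # src IP -> unknown IDs tried
        self.quarantined = set()               # src IPs sent to the fake route

    def route(self, src_ip, user_id):
        """Return the route label for one call attempt."""
        if src_ip in self.quarantined:
            return DEAD_AIR                    # later calls stay on the fake route
        if user_id in self.valid:
            return f"ext:{user_id}"
        # A set counts distinct IDs, so redialling one wrong number is not a scan.
        self.unknown_by_ip[src_ip].add(user_id)
        if len(self.unknown_by_ip[src_ip]) >= self.max_unknown:
            self.quarantined.add(src_ip)       # record the source IP
            return DEAD_AIR
        return "reject-404"                    # illustrative label for an unknown user


def replay(attempts, screen=None):
    """Run (src_ip, user_id) attempts through a screen; return (routes, screen)."""
    screen = screen or CallScreen(VALID_EXTENSIONS)
    return [screen.route(ip, uid) for ip, uid in attempts], screen


# Constructed attempts: 203.0.113.7 walks generated IDs, 198.51.100.4 misdials once.
SAMPLE_ATTEMPTS = [
    ("203.0.113.7", "2000"), ("203.0.113.7", "2001"),
    ("198.51.100.4", "1010"), ("198.51.100.4", "1001"),
    ("203.0.113.7", "2002"), ("203.0.113.7", "1002"),
]

if __name__ == "__main__":
    routes, screen = replay(SAMPLE_ATTEMPTS)
    for (ip, uid), r in zip(SAMPLE_ATTEMPTS, routes):
        print(f"{ip:>13} -> {uid}: {r}")
    print("quarantined:", sorted(screen.quarantined))
```

The last sample attempt targets a valid extension but still lands on dead air, so a quarantined source never learns which generated ID maps to a working route.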

VOIP Spoofing

Spoofing is an attack which consists of ‘turtling’ a system in order to disrupt network service. This type of attack is of particular concern as it can be orchestrated by experienced and ‘novice’ hackers alike. Quality IP-PBX systems will typically feature a process that determines the IP address from which ‘spoof’ SIP messages are sent. Once illegitimate SIP messages have been identified & filtered out, the IP address from which they were sent will usually be banned, though this is often left to the discretion of the PBX administrator.

VOIP Spying

Given the highly confidential nature of certain calls, professional-grade IP-PBX, Softswitch & hosted PBX solutions will often feature systems with multiple levels of signal & voice encryption to provide additional security. One such system combines the standard method (TLS for signal & SRTP for voice) with IP Phone proprietary protocols to achieve what is sometimes referred to as ‘end-to-end encryption’.

IP telephone systems offer a great number of business benefits to users, including reduced operating costs & a superior degree of responsiveness. Nevertheless, software-based and especially web-based PBX solutions should not be adopted without careful consideration of the security issues at hand. As for companies that are already ‘saddled in’, regularly checking for software updates, patches & add-ons is an essential step towards reducing exposure to the latest VoIP vulnerabilities.